---
title: "Multi Tenant Github Connections"
---


In the main onboarding flow you can use a wizard to create [a github app](/ce/self-host/deploy-docker#create-github-app) and inject it using environment variables.
In larger orgs there could be a requirement that there are multiple orgs representing department. The github app created is installable on a single org only unless it is published.
For enterprise usecases publishing to github marketplace is not feasible. For this reason we introduced multi-tenant github app via connections. Not only does this allow multiple app
connections per org but it also makes it fully ui-based and there is no need to set environment variables. The way it works is as follows:


### Prerequisite

As a prerequisite for this step you need to have already set the environment variable for `DIGGER_ENCRYPTION_SECRET`
which is a 32 character string used for encrypting the github values. You can generate one in openssl as follows:

The second important point is that you should not have any GITHUB_XXXX environment variables set (example GITHUB_CLIENT_ID)
since digger will look for env variables first before it searches for connection matches from DB.

```
openssl rand -base64 24
```

### how to set up multi org connections:

In your backend you can visit /github/connections and it will show you a screen like below

![](/images/ee/multi-tenant-github.png)

Within this screen you can see your current connections and also create your connections to an org. Type in your github org in the
text box and click on "set up github app" to follow the wizard for creation in your org. Ensure that the button on github side says "create in diggerhq"
so it is installed in the right organisation. Upon success you will be redirected back to the same page and you should see that connection in the table
You can click on the link to install that connection from the table

**Important**: its important to install using the link in the table since an additional "state" parameter is passed containing app ID metadata in order to
verify the app on callback. If you attempt to install the created app from github directly it will lead to an error.